CVE-2025-49591 – CryptPad Two-Factor Authentication Path Parameter Bypass

June 18, 2025

CVE ID : CVE-2025-49591

Published : June 18, 2025, 11:15 p.m. | 2 hours, 47 minutes ago

Description : CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user’s credentials can gain access to the victim’s account, even if the victim has 2FA set up. This is due to 2FA not being enforced if the path parameter is not 44 characters long, which can be bypassed by simply URL encoding a single character in the path. This issue has been patched in version 2025.3.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49590 – CryptPad Link Bouncer JavaScript URI Bypass XSS

Next Article SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

Sam Altman claims Meta is trying to poach OpenAI staffers with $100 million bonuses, but “none of our best people have decided to take them up on that”

Why Inclusive Design Solutions Are important for Accessibility

Why Inclusive Design Solutions Are important for Accessibility

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

CVE-2025-49591 – CryptPad Two-Factor Authentication Path Parameter Bypass

CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

ncgopher is a gopher, gemini and finger client

CVE-2025-47269 – Code-server Proxy Pathway Token Exfiltration

How to Master Recursion in JavaScript with Practical Examples

CVE-2025-5229 – Campcodes Online Hospital Management System SQL Injection Vulnerability

CVE-2024-55910 – IBM Concert Software SSRF Vulnerability

CVE-2024-41197 – Ocuco Innovation INVCLIENT.EXE Remote Authentication Bypass Privilege Escalation

See-Through Parallel Universes with Your Mind’s Eye – The Course Guidebook: Chapter 9

Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

CVE-2025-49591 – CryptPad Two-Factor Authentication Path Parameter Bypass

Related Posts